Overview

File _patchinfo of Package patchinfo.28792

<patchinfo incident="28792">
  <issue tracker="cve" id="2023-21937"/>
  <issue tracker="cve" id="2023-21938"/>
  <issue tracker="cve" id="2023-21954"/>
  <issue tracker="cve" id="2023-21939"/>
  <issue tracker="cve" id="2023-21967"/>
  <issue tracker="cve" id="2023-21930"/>
  <issue tracker="cve" id="2023-21968"/>
  <issue tracker="bnc" id="1210628">VUL-0: CVE-2023-21930: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk: unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition</issue>
  <issue tracker="bnc" id="1210635">VUL-0: CVE-2023-21954: java-17-openjdk,java-1_8_0-openjdk,java-11-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).</issue>
  <issue tracker="bnc" id="1209333">OpenJDK17: setTrafficClass() doesn't work with IPv6 [ref:_00D1igLOd._5005qNKRrG:ref]</issue>
  <issue tracker="bnc" id="1210631">VUL-0: CVE-2023-21937: java-11-openjdk,java-17-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).</issue>
  <issue tracker="bnc" id="1210636">VUL-0: CVE-2023-21967: java-17-openjdk,java-1_8_0-ibm,java-11-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).</issue>
  <issue tracker="bnc" id="1210637">VUL-0: CVE-2023-21968: java-1_8_0-ibm,java-1_8_0-openjdk,java-11-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).</issue>
  <issue tracker="bnc" id="1210634">VUL-0: CVE-2023-21939: java-11-openjdk,java-1_8_0-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).</issue>
  <issue tracker="bnc" id="1210632">VUL-0: CVE-2023-21938: java-11-openjdk,java-1_8_0-openjdk,java-17-openjdk: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-17-openjdk</summary>
  <description>This update for java-17-openjdk fixes the following issues:

Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU)

Security fixes:

- CVE-2023-21930: Fixed AES support (bsc#1210628).
- CVE-2023-21937: Fixed String platform support (bsc#1210631).
- CVE-2023-21938: Fixed runtime support (bsc#1210632).
- CVE-2023-21939: Fixed Swing platform support (bsc#1210634). 
- CVE-2023-21954: Fixed object reclamation process (bsc#1210635).
- CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636).
- CVE-2023-21968: Fixed path handling (bsc#1210637). 

Other fixes:

- Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places